fix: merge design-audit remediation into main#811
Conversation
|
Updates to Preview Branch (codex/main-merge-safe-final-20260718-resubmit) ↗︎
Tasks are run on every commit but only new migration files are pushed.
❌ Branch Error • Sat, 18 Jul 2026 06:34:53 UTC View logs for this Workflow Run ↗︎. |
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (8)
📝 WalkthroughWalkthroughThe change refactors RAG retrieval and SQL correction workflows, separates sitemap route classes, updates service and form interfaces, strengthens regression coverage, and adjusts repository tooling and review documentation. ChangesRAG retrieval and database scalability
Sitemap route discovery
Dashboard and service UI behavior
Repository tooling and review records
Estimated code review effort: 5 (Critical) | ~120 minutes Possibly related PRs
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 2 | ❌ 3❌ Failed checks (2 warnings, 1 inconclusive)
✅ Passed checks (2 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
…in-merge-safe-final-20260718-resubmit
Restore dashboard H1 expectations to Clinical Guide, mock service-detail registry records so 13YARN/City East load, drop forms assertions that conflicted with the live Refine/pathway UI, restore mode-menu click safety handlers, and correct the presentations redirect sitemap slug. Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
…lback Suite-wide reducedMotion collapses CSS transition duration, so the phone dock duration assertion could not pass in Production UI. Prefer whitespace-empty presentations `query` falling through to `q`. Drop the Chromium no-preference override again now that the duration assert is gone. Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
There was a problem hiding this comment.
Actionable comments posted: 7
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
src/lib/rag.ts (1)
1679-1687: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick winRestrict direct images to the result’s authorized document.
The service-role query filters only by image ID, and attachment does not verify
image.document_id === result.document_id. A stale or cross-documentsource_image_idcan therefore expose another document’s image. Filter the query bydocumentIdsand enforce document equality when attaching.Also applies to: 1741-1746
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/lib/rag.ts` around lines 1679 - 1687, Update the direct-image query near the source image lookup to restrict results to the authorized document IDs using documentIds, while preserving the existing image filters. In the attachment logic near the corresponding result mapping, only attach an image when its document_id equals the current result.document_id, preventing stale or cross-document source_image_id values from being exposed.src/lib/rag-candidate-sources.ts (1)
185-207: 🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy liftThread the caller abort signal through the retrieval pipeline.
These helpers still finish their Supabase round-trips after the request is canceled because
signalstops at the orchestration layer.
src/lib/rag-candidate-sources.ts#L185-L207,#L1006-L1097: addsignalto the candidate loaders and pass it intocallVersionedRetrievalRpc.src/lib/rag-candidate-sources.ts#L632-L873andsrc/lib/rag.ts#L1543-L1691: threadargs.signalthrough the document/chunk hydration, ranking metadata, and page-evidence queries.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/lib/rag-candidate-sources.ts` around lines 185 - 207, Thread the caller abort signal through the retrieval pipeline: add signal parameters to the candidate loaders in src/lib/rag-candidate-sources.ts at lines 185-207 and 1006-1097, and pass them to callVersionedRetrievalRpc. Propagate args.signal through document/chunk hydration and ranking metadata in src/lib/rag-candidate-sources.ts at lines 632-873, plus page-evidence and related queries in src/lib/rag.ts at lines 1543-1691, 2514-2527, and 2802-2852, ensuring every relevant Supabase round-trip receives the signal.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/branch-review-ledger.md`:
- Line 598: Update the ledger row identified by commit 570e6ba56 in the branch
review record to replace every literal � replacement character with the intended
punctuation, preserving the entry’s wording and table structure.
In `@playwright.config.ts`:
- Line 58: Update the transition assertion in tests/ui-tools.spec.ts (1021-1033)
to honor the suite-wide reduced-motion setting from playwright.config.ts
(58-58): assert the zero-duration state under reduced motion, or restrict the
100ms assertion to a motion-enabled project.
In `@scripts/check-github-action-pins.mjs`:
- Around line 13-22: Guard the SAST-specific validation block near the existing
workflow-file processing so it does not read sast.yml when .github/workflows is
absent. Reuse the directory existence result from discoverGitHubActionFiles or
otherwise check the workflow directory before the SAST read, while preserving
normal validation when the directory exists.
In `@scripts/generate-site-map.ts`:
- Around line 397-408: Update the sitemap generation flow around
productRouteHandlerPaths and productRoutes so product redirect handlers are
included in the “Main product routes” section, while remaining excluded from
publicUtilityRouteHandlers. Adjust the downstream assertion in the relevant
sitemap test to expect these handlers in the main product routes section,
preserving the existing Redirects behavior as applicable.
In `@src/components/services/services-navigator-page.tsx`:
- Around line 497-502: Update the Link rendered for each comparison card in the
services navigator so its accessible name includes the corresponding service
name while retaining the visible “Open” text and existing destination. Use the
card’s service data already available in this rendering path to provide an
accessible label or equivalent link context.
In `@supabase/migrations/20260717010000_harden_rag_scalability_patch.sql`:
- Around line 31-96: Scope correct_clinical_query_terms vocabulary to the
caller’s owner and public records by adding the required access-scope parameters
and applying identical owner/public filters to both rag_aliases and
document_title_words. Mirror the complete scoped function definition in
supabase/schema.sql at lines 3473-3552, and update tests/supabase-schema.test.ts
at lines 1388-1406 to verify private vocabulary from another owner cannot affect
correction.
In `@tests/site-map.test.ts`:
- Around line 66-88: Update the site-map section assertions around
productSection, apiSection, and redirectSection to validate that each section
heading exists before slicing, so missing headings fail the test instead of
producing misleading empty sections. Also extract the Public utility route
handlers section and assert that it contains both /auth/callback and
/icons/[variant], while retaining the existing handler and API exclusion checks.
---
Outside diff comments:
In `@src/lib/rag-candidate-sources.ts`:
- Around line 185-207: Thread the caller abort signal through the retrieval
pipeline: add signal parameters to the candidate loaders in
src/lib/rag-candidate-sources.ts at lines 185-207 and 1006-1097, and pass them
to callVersionedRetrievalRpc. Propagate args.signal through document/chunk
hydration and ranking metadata in src/lib/rag-candidate-sources.ts at lines
632-873, plus page-evidence and related queries in src/lib/rag.ts at lines
1543-1691, 2514-2527, and 2802-2852, ensuring every relevant Supabase round-trip
receives the signal.
In `@src/lib/rag.ts`:
- Around line 1679-1687: Update the direct-image query near the source image
lookup to restrict results to the authorized document IDs using documentIds,
while preserving the existing image filters. In the attachment logic near the
corresponding result mapping, only attach an image when its document_id equals
the current result.document_id, preventing stale or cross-document
source_image_id values from being exposed.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: b34b0d93-4cea-4621-8c97-e337a3a1a9f5
📒 Files selected for processing (27)
docs/branch-review-ledger.mddocs/codebase-index.mddocs/site-map.mdplaywright.config.tsscripts/check-github-action-pins.mjsscripts/generate-site-map.tssrc/app/layout.tsxsrc/app/page.tsxsrc/components/clinical-dashboard/master-search-header.tsxsrc/components/forms/forms-home-page.tsxsrc/components/services/services-navigator-page.tsxsrc/lib/rag-candidate-sources.tssrc/lib/rag.tssupabase/drift-manifest.jsonsupabase/migrations/20260714180000_patch_rag_and_corrector_scalability.sqlsupabase/migrations/20260714190000_document_table_facts_trgm_idx.sqlsupabase/migrations/20260717010000_harden_rag_scalability_patch.sqlsupabase/schema.sqltests/audit-content-services-regressions.test.tstests/audit-navigation-auth-regressions.test.tstests/rag-variant-early-exit.test.tstests/site-map.test.tstests/supabase-schema.test.tstests/ui-accessibility.spec.tstests/ui-smoke.spec.tstests/ui-tools.spec.tstsconfig.json
There was a problem hiding this comment.
Caution
Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.
Actionable comments posted: 7
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
src/lib/rag.ts (1)
1679-1687: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick winRestrict direct images to the result’s authorized document.
The service-role query filters only by image ID, and attachment does not verify
image.document_id === result.document_id. A stale or cross-documentsource_image_idcan therefore expose another document’s image. Filter the query bydocumentIdsand enforce document equality when attaching.Also applies to: 1741-1746
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/lib/rag.ts` around lines 1679 - 1687, Update the direct-image query near the source image lookup to restrict results to the authorized document IDs using documentIds, while preserving the existing image filters. In the attachment logic near the corresponding result mapping, only attach an image when its document_id equals the current result.document_id, preventing stale or cross-document source_image_id values from being exposed.src/lib/rag-candidate-sources.ts (1)
185-207: 🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy liftThread the caller abort signal through the retrieval pipeline.
These helpers still finish their Supabase round-trips after the request is canceled because
signalstops at the orchestration layer.
src/lib/rag-candidate-sources.ts#L185-L207,#L1006-L1097: addsignalto the candidate loaders and pass it intocallVersionedRetrievalRpc.src/lib/rag-candidate-sources.ts#L632-L873andsrc/lib/rag.ts#L1543-L1691: threadargs.signalthrough the document/chunk hydration, ranking metadata, and page-evidence queries.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/lib/rag-candidate-sources.ts` around lines 185 - 207, Thread the caller abort signal through the retrieval pipeline: add signal parameters to the candidate loaders in src/lib/rag-candidate-sources.ts at lines 185-207 and 1006-1097, and pass them to callVersionedRetrievalRpc. Propagate args.signal through document/chunk hydration and ranking metadata in src/lib/rag-candidate-sources.ts at lines 632-873, plus page-evidence and related queries in src/lib/rag.ts at lines 1543-1691, 2514-2527, and 2802-2852, ensuring every relevant Supabase round-trip receives the signal.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/branch-review-ledger.md`:
- Line 598: Update the ledger row identified by commit 570e6ba56 in the branch
review record to replace every literal � replacement character with the intended
punctuation, preserving the entry’s wording and table structure.
In `@playwright.config.ts`:
- Line 58: Update the transition assertion in tests/ui-tools.spec.ts (1021-1033)
to honor the suite-wide reduced-motion setting from playwright.config.ts
(58-58): assert the zero-duration state under reduced motion, or restrict the
100ms assertion to a motion-enabled project.
In `@scripts/check-github-action-pins.mjs`:
- Around line 13-22: Guard the SAST-specific validation block near the existing
workflow-file processing so it does not read sast.yml when .github/workflows is
absent. Reuse the directory existence result from discoverGitHubActionFiles or
otherwise check the workflow directory before the SAST read, while preserving
normal validation when the directory exists.
In `@scripts/generate-site-map.ts`:
- Around line 397-408: Update the sitemap generation flow around
productRouteHandlerPaths and productRoutes so product redirect handlers are
included in the “Main product routes” section, while remaining excluded from
publicUtilityRouteHandlers. Adjust the downstream assertion in the relevant
sitemap test to expect these handlers in the main product routes section,
preserving the existing Redirects behavior as applicable.
In `@src/components/services/services-navigator-page.tsx`:
- Around line 497-502: Update the Link rendered for each comparison card in the
services navigator so its accessible name includes the corresponding service
name while retaining the visible “Open” text and existing destination. Use the
card’s service data already available in this rendering path to provide an
accessible label or equivalent link context.
In `@supabase/migrations/20260717010000_harden_rag_scalability_patch.sql`:
- Around line 31-96: Scope correct_clinical_query_terms vocabulary to the
caller’s owner and public records by adding the required access-scope parameters
and applying identical owner/public filters to both rag_aliases and
document_title_words. Mirror the complete scoped function definition in
supabase/schema.sql at lines 3473-3552, and update tests/supabase-schema.test.ts
at lines 1388-1406 to verify private vocabulary from another owner cannot affect
correction.
In `@tests/site-map.test.ts`:
- Around line 66-88: Update the site-map section assertions around
productSection, apiSection, and redirectSection to validate that each section
heading exists before slicing, so missing headings fail the test instead of
producing misleading empty sections. Also extract the Public utility route
handlers section and assert that it contains both /auth/callback and
/icons/[variant], while retaining the existing handler and API exclusion checks.
---
Outside diff comments:
In `@src/lib/rag-candidate-sources.ts`:
- Around line 185-207: Thread the caller abort signal through the retrieval
pipeline: add signal parameters to the candidate loaders in
src/lib/rag-candidate-sources.ts at lines 185-207 and 1006-1097, and pass them
to callVersionedRetrievalRpc. Propagate args.signal through document/chunk
hydration and ranking metadata in src/lib/rag-candidate-sources.ts at lines
632-873, plus page-evidence and related queries in src/lib/rag.ts at lines
1543-1691, 2514-2527, and 2802-2852, ensuring every relevant Supabase round-trip
receives the signal.
In `@src/lib/rag.ts`:
- Around line 1679-1687: Update the direct-image query near the source image
lookup to restrict results to the authorized document IDs using documentIds,
while preserving the existing image filters. In the attachment logic near the
corresponding result mapping, only attach an image when its document_id equals
the current result.document_id, preventing stale or cross-document
source_image_id values from being exposed.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: b34b0d93-4cea-4621-8c97-e337a3a1a9f5
📒 Files selected for processing (27)
docs/branch-review-ledger.mddocs/codebase-index.mddocs/site-map.mdplaywright.config.tsscripts/check-github-action-pins.mjsscripts/generate-site-map.tssrc/app/layout.tsxsrc/app/page.tsxsrc/components/clinical-dashboard/master-search-header.tsxsrc/components/forms/forms-home-page.tsxsrc/components/services/services-navigator-page.tsxsrc/lib/rag-candidate-sources.tssrc/lib/rag.tssupabase/drift-manifest.jsonsupabase/migrations/20260714180000_patch_rag_and_corrector_scalability.sqlsupabase/migrations/20260714190000_document_table_facts_trgm_idx.sqlsupabase/migrations/20260717010000_harden_rag_scalability_patch.sqlsupabase/schema.sqltests/audit-content-services-regressions.test.tstests/audit-navigation-auth-regressions.test.tstests/rag-variant-early-exit.test.tstests/site-map.test.tstests/supabase-schema.test.tstests/ui-accessibility.spec.tstests/ui-smoke.spec.tstests/ui-tools.spec.tstsconfig.json
🛑 Comments failed to post (7)
docs/branch-review-ledger.md (1)
598-598: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Remove the replacement characters from this ledger entry.
The updated row contains literal
�characters. Replace them with the intended punctuation so the review record remains readable and auditable.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/branch-review-ledger.md` at line 598, Update the ledger row identified by commit 570e6ba56 in the branch review record to replace every literal � replacement character with the intended punctuation, preserving the entry’s wording and table structure.playwright.config.ts (1)
58-58: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash set -eu config="$(fd -a '^playwright\.config\.ts$' | head -n1)" spec="$(fd -a '^ui-tools\.spec\.ts$' tests | head -n1)" sed -n '41,83p' "$config" rg -n -C8 'transitionDuration|reducedMotion|browserName|test\.skip' "$spec"Repository: BigSimmo/Database
Length of output: 1483
🏁 Script executed:
#!/bin/bash set -eu config="$(fd -a 'playwright\.config\.ts$' | head -n1)" spec="$(fd -a 'ui-tools\.spec\.ts$' tests | head -n1)" printf '\n== playwright.config.ts ==\n' sed -n '45,75p' "$config" printf '\n== tests/ui-tools.spec.ts ==\n' sed -n '1000,1040p' "$spec"Repository: BigSimmo/Database
Length of output: 3181
🏁 Script executed:
#!/bin/bash set -eu spec="$(fd -a 'ui-tools\.spec\.ts$' tests | head -n1)" config="$(fd -a 'playwright\.config\.ts$' | head -n1)" printf '\n== motion-related uses in playwright.config.ts ==\n' rg -n 'reducedMotion|contextOptions|use:' "$config" printf '\n== surrounding test body ==\n' sed -n '1008,1045p' "$spec" printf '\n== motion-related matches in tests/ui-tools.spec.ts ==\n' rg -n 'reducedMotion|transitionDuration|transitionProperty|motion-reduce|durationMs|browserName|test\.use|test\.describe' "$spec"Repository: BigSimmo/Database
Length of output: 2613
🏁 Script executed:
#!/bin/bash set -eu spec="$(fd -a 'ui-tools\.spec\.ts$' tests | head -n1)" sed -n '1014,1038p' "$spec"Repository: BigSimmo/Database
Length of output: 1271
🏁 Script executed:
#!/bin/bash set -eu rg -n -C4 'answer-footer-search-dock|motion-reduce:transition-none|transition-(none|duration|transform)|data-scroll-hidden|data-command-open' .Repository: BigSimmo/Database
Length of output: 50373
Make the transition assertion respect the suite-wide reduced-motion setting.
playwright.config.tsappliesreducedMotion: "reduce"to every project, so this test should not require a 100ms transition here; assert the zero-duration state instead or scope the check to a motion-enabled project.📍 Affects 2 files
playwright.config.ts#L58-L58(this comment)tests/ui-tools.spec.ts#L1021-L1033🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@playwright.config.ts` at line 58, Update the transition assertion in tests/ui-tools.spec.ts (1021-1033) to honor the suite-wide reduced-motion setting from playwright.config.ts (58-58): assert the zero-duration state under reduced motion, or restrict the 100ms assertion to a motion-enabled project.scripts/check-github-action-pins.mjs (1)
13-22: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
Guard the later SAST validation as well.
discoverGitHubActionFiles()now returns[]when.github/workflowsis absent, but the subsequentsast.ymlvalidation at Line [65] still reads from that directory unconditionally. The script will therefore still fail withENOENTin the missing-directory scenario this change intends to support. Skip or explicitly handle the SAST-specific block when the workflow directory is absent.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/check-github-action-pins.mjs` around lines 13 - 22, Guard the SAST-specific validation block near the existing workflow-file processing so it does not read sast.yml when .github/workflows is absent. Reuse the directory existence result from discoverGitHubActionFiles or otherwise check the workflow directory before the SAST read, while preserving normal validation when the directory exists.scripts/generate-site-map.ts (1)
397-408: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Include product redirect handlers in “Main product routes”.
These handlers are excluded from both the product and public-utility sections, so they appear only under Redirects. This contradicts the placement contract and the test name; combine handlers in
productRouteHandlerPathswithproductRoutes, then change the downstream assertion at Line 96 to expect their presence.Proposed fix
+ const productRouteHandlers = data.publicRouteHandlers.filter((route) => + productRouteHandlerPaths.has(route.route), + ); const publicUtilityRouteHandlers = data.publicRouteHandlers.filter( (route) => !productRouteHandlerPaths.has(route.route), ); + const mainProductRoutes = [...productRoutes, ...productRouteHandlers].sort((left, right) => + left.route.localeCompare(right.route), + ); ...section( "Main product routes", - productRoutes.map((route) => routeLine(route, routeDescriptions)), + mainProductRoutes.map((route) => routeLine(route, routeDescriptions)), ),📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.const productRouteHandlers = data.publicRouteHandlers.filter((route) => productRouteHandlerPaths.has(route.route), ); const publicUtilityRouteHandlers = data.publicRouteHandlers.filter( (route) => !productRouteHandlerPaths.has(route.route), ); const mainProductRoutes = [...productRoutes, ...productRouteHandlers].sort((left, right) => left.route.localeCompare(right.route), ); const lines = [ "# Clinical KB Site Map", "", "This file is generated by `npm run sitemap:update`. Run `npm run sitemap:check` to verify it is current.", "", ...section( "Main product routes", mainProductRoutes.map((route) => routeLine(route, routeDescriptions)),🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/generate-site-map.ts` around lines 397 - 408, Update the sitemap generation flow around productRouteHandlerPaths and productRoutes so product redirect handlers are included in the “Main product routes” section, while remaining excluded from publicUtilityRouteHandlers. Adjust the downstream assertion in the relevant sitemap test to expect these handlers in the main product routes section, preserving the existing Redirects behavior as applicable.src/components/services/services-navigator-page.tsx (1)
497-502: 🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Include the service name in each comparison link’s accessible name.
Every comparison card exposes an identical “Open” link, so assistive-technology link lists cannot distinguish their destinations.
Proposed fix
<Link href={`/services/${service.slug}`} + aria-label={`Open ${service.title}`} className="inline-flex min-h-tap items-center text-xs font-bold text-[color:var(--clinical-accent)] sm:min-h-0" >📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.<Link href={`/services/${service.slug}`} aria-label={`Open ${service.title}`} className="inline-flex min-h-tap items-center text-xs font-bold text-[color:var(--clinical-accent)] sm:min-h-0" > Open </Link>🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/components/services/services-navigator-page.tsx` around lines 497 - 502, Update the Link rendered for each comparison card in the services navigator so its accessible name includes the corresponding service name while retaining the visible “Open” text and existing destination. Use the card’s service data already available in this rendering path to provide an accessible label or equivalent link context.supabase/migrations/20260717010000_harden_rag_scalability_patch.sql (1)
31-96: 🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift
Scope typo-correction vocabulary to the caller’s retrieval access.
The security-definer corrector scans every tenant’s aliases and document-title words. A tenant can poison another tenant’s typo correction with crafted private titles or aliases. Pass owner/public scope into the RPC and filter both vocabulary sources consistently.
supabase/migrations/20260717010000_harden_rag_scalability_patch.sql#L31-L96: add access-scope parameters and owner/public filters.supabase/schema.sql#L3473-L3552: mirror the scoped final function definition.tests/supabase-schema.test.ts#L1388-L1406: assert private vocabulary cannot affect another owner’s correction.📍 Affects 3 files
supabase/migrations/20260717010000_harden_rag_scalability_patch.sql#L31-L96(this comment)supabase/schema.sql#L3473-L3552tests/supabase-schema.test.ts#L1388-L1406🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@supabase/migrations/20260717010000_harden_rag_scalability_patch.sql` around lines 31 - 96, Scope correct_clinical_query_terms vocabulary to the caller’s owner and public records by adding the required access-scope parameters and applying identical owner/public filters to both rag_aliases and document_title_words. Mirror the complete scoped function definition in supabase/schema.sql at lines 3473-3552, and update tests/supabase-schema.test.ts at lines 1388-1406 to verify private vocabulary from another owner cannot affect correction.tests/site-map.test.ts (1)
66-88: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Make section-placement assertions fail when headings are missing.
Unchecked
indexOf()results can yield empty slices, making every negative assertion pass. Also extract the Public utility route handlers section and positively assert that/auth/callbackand/icons/[variant]occur there.Proposed fix
+ const productStart = siteMap.indexOf("## Main product routes"); + const modeStart = siteMap.indexOf("## Mode/query routes"); + const utilityStart = siteMap.indexOf("## Public utility route handlers"); + const apiStart = siteMap.indexOf("## API routes"); + const redirectsStart = siteMap.indexOf("## Redirects"); + + expect([productStart, modeStart, utilityStart, apiStart, redirectsStart]).not.toContain(-1); + - const productSection = siteMap.slice( - siteMap.indexOf("## Main product routes"), - siteMap.indexOf("## Mode/query routes"), - ); - const apiSection = siteMap.slice(siteMap.indexOf("## API routes"), siteMap.indexOf("## Redirects")); + const productSection = siteMap.slice(productStart, modeStart); + const utilitySection = siteMap.slice(utilityStart, apiStart); + const apiSection = siteMap.slice(apiStart, redirectsStart); + expect(utilitySection).toContain("`/auth/callback`"); + expect(utilitySection).toContain("`/icons/[variant]`");📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.const productStart = siteMap.indexOf("## Main product routes"); const modeStart = siteMap.indexOf("## Mode/query routes"); const utilityStart = siteMap.indexOf("## Public utility route handlers"); const apiStart = siteMap.indexOf("## API routes"); const redirectsStart = siteMap.indexOf("## Redirects"); expect([productStart, modeStart, utilityStart, apiStart, redirectsStart]).not.toContain(-1); const productSection = siteMap.slice(productStart, modeStart); const utilitySection = siteMap.slice(utilityStart, apiStart); const apiSection = siteMap.slice(apiStart, redirectsStart); const expectedProductHandlers = [ ["/applications", "src/app/applications/route.ts", "/tools"], [ "/differentials/presentations", "src/app/differentials/presentations/route.ts", "/differentials/presentations/[workflow-slug]", ], ["/medications", "src/app/medications/route.ts", "/?mode=prescribing"], ] as const; const redirectSection = siteMap.slice(siteMap.indexOf("## Redirects")); expect(utilitySection).toContain("`/auth/callback`"); expect(utilitySection).toContain("`/icons/[variant]`"); expect(data.apiRoutes.every((route) => route.route === "/api" || route.route.startsWith("/api/"))).toBe(true); expect(data.publicRouteHandlers.some((route) => route.route === "/auth/callback")).toBe(true); expect(data.publicRouteHandlers).toContainEqual({ route: "/icons/[variant]", file: "src/app/icons/[variant]/route.tsx", }); expect(apiSection).not.toContain("`/icons/[variant]`");🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tests/site-map.test.ts` around lines 66 - 88, Update the site-map section assertions around productSection, apiSection, and redirectSection to validate that each section heading exists before slicing, so missing headings fail the test instead of producing misleading empty sections. Also extract the Public utility route handlers section and assert that it contains both /auth/callback and /icons/[variant], while retaining the existing handler and API exclusion checks.
Summary
Verification
npm run check:pr-policynpm run check:runtimenpm run check:github-actionsnpm run check:ci-scopenpm run check:ci-triagenpm run sitemap:checknpm run brand:checknpm run check:type-scalenpm run check:icon-scalenpm run check:function-grantsnpm run check:owner-scopenpm run lintnpm run typechecknpm run verify:pr-local --dry-run --files src/app src/components tests scriptsclinical-kb-heavy-lock) before test execution; re-run in a clean runner is planned.Risk and rollout
mainif any production route regression is observed; no schema migration is destructive (supabasemigration files are additive/compatibility-preserving).Clinical Governance Preflight
Source-backed claims still require linked source verification before clinical use
No patient-identifiable document workflow was introduced or expanded without explicit governance approval
Supabase target remains
Clinical KB Database(sjrfecxgysukkwxsowpy)Service-role keys and private document access remain server-only
Demo/synthetic content remains clearly separated from real clinical sources
Source metadata, review status, and outdated/unknown-source behavior remain conservative
Deployment classification/TGA SaMD impact was checked when clinical decision-support behavior changed
fix: finalize design audit regression hardening
chore: fix drift manifest parity for query-corrector function
fix: make Playwright config typings match supported options
test: align retrieval and schema expectations with current behavior
chore: refresh PR policy state for merge checks
fix: exclude worktree scratch directories from typecheck
fix: land unique open-PR queue onto current main (fix: land unique open-PR queue onto current main #808)
test: run answer progress journey in CI
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Accessibility & Testing